Full Disclosure mailing list archives
Removing ShKit Root Kit
From: Chris <chris () cr-secure net>
Date: Sun, 21 Dec 2003 19:28:55 -0500
Can anyone reccomend some links or useful information for removing the "ShKit Rootkit". CHKROOTKIT detected this thing on a RedHat 8.0 server owned by a client of mine.
"Searching for ShKit rootkit default files and dirs... Possible ShKit rootkit installed" <== chkrootkit output
I have only read limited information on this rootkit from a honeypot report where it was used, no cleaning information. Ive googled a bunch of times, dont go out of your way to answer this, the box will be redone anyway. Im just curious to find out what this rootkit is about, not even packetstorm has a copy to look at :)
Thanks, ChrisR- http://www.cr-secure.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Removing ShKit Root Kit Chris (Dec 21)
- Re: Removing ShKit Root Kit Cael Abal (Dec 21)
- Re: Removing ShKit Root Kit Alexander Schreiber (Dec 21)
- Re: Removing ShKit Root Kit Chris (Dec 22)
- Re: Removing ShKit Root Kit Ron DuFresne (Dec 22)
- <Possible follow-ups>
- Re: Removing ShKit Root Kit nicholas (Dec 22)
- Re: Removing ShKit Root Kit Wesley D Craig (Dec 22)
- re: Removing ShKit Root Kit nicholas (Dec 22)
- RE: Removing ShKit Root Kit Schmehl, Paul L (Dec 22)
- Re: Removing ShKit Root Kit Brian Eckman (Dec 22)
- Re: Removing ShKit Root Kit Gino Thomas (Dec 22)
- Re: Removing ShKit Root Kit Brian Eckman (Dec 22)
(Thread continues...)